
By Eleanor Bennett

Interview


For our latest expert interview on our blog, we’ve welcomed Joseph Williams, Director of the Leahy Center for Digital Forensics to share his thoughts on the topic of cybersecurity.

The Leahy Center for Digital Forensics at Champlain College is a leading world-class laboratory providing digital forensics and cybersecurity services to a wide variety of organizations, from government bodies to local businesses.

Trusted by the Department of Defense, Department of Justice, and the Secret Service, the Center provides computer forensics and digital investigation, operational support, training, research, and other technical services to assist law enforcement agencies in Vermont and throughout the nation.

Tell us about the Champlain College Leahy Center for Digital Forensics & Cybersecurity. What are its visions & goals?

The mission of The Leahy Center for Digital Forensics & Cybersecurity is to serve as a practical and hands-on laboratory environment, promoting the advancement of digital forensics & cybersecurity education at Champlain College and in our community. Most importantly, the Leahy Center is a place for the next generation of specialists and engineers to learn, grow, and hone their talents.

Our goals are to be an integral part of the learning experience for many Champlain College students; to provide an active learning environment for Champlain College students and teach them the skills they will need in the workplace; and to open the door for students to learn by doing, providing them with an active learning environment where they can learn through experience.

We accomplish these goals by providing essential cybersecurity and digital forensic services to the community through innovative research projects, managed support services, and outreach initiatives. As a professional development hub for Champlain College students, faculty, and staff, the Leahy Center fosters a sense of academic and professional purpose through student experiences that demonstrate the enduring value of a Champlain education.

What about the Leahy Center and its work inspires you?

The Leahy Center is providing opportunities to the next generation of cyber practitioners and forensicators through community initiatives. Champlain College is positioning its students to be leaders in cybersecurity and digital forensics.

It's exciting to work at the lab because I see young students learning and helping out in the community. The number of cyber incidents increases each year, and I get to work on the ground floor with individuals learning to help prevent these incidents while providing cyber and digital forensics research training to the public.

Can you share a little bit about yourself and how you got into cybersecurity?

As I finished my undergraduate degree at Texas A&M University in Bioenvironmental Science, I looked for jobs and ways to pay my student loans. I was in a field where salaries started in the low $20K at that time. One option presented to me was the US Navy's loan repayment program; the Navy would pay off all your student loans and give you a sign-on bonus for military service.

As my older brother was in the Navy and loved it, I thought this would be a good way for me to pay off my loans, get some money in my pocket and start a career. I went into the Navy, switching careers from science to IT. After 8 years in the Navy, I decided to join the civilian population. I came upon the job at Champlain College's newly developed Leahy Center for Digital Investigation (LCDI), now the Leahy Center for Digital Forensics & Cybersecurity.

Once I started working at the LCDI, the Director at that time, Jon Rejewski, started working on the Internet of Things (IoT) devices as part of a personal request from a client. He expanded our IoT research, and I took over that research once he left the college and became Director of the Leahy Center.

Could you walk us through a recent real-life scenario that the Leahy Center experienced while working with an organization and how the organization was affected?

Here is a scrubbed overview of what happened, to keep client information safeguarded. One of the services we provide to clients is endpoint detection and response through our Security Team. The team at the Leahy Center noticed that a password spray attack targeted the mail server belonging to a client.

This attack used a brute-force method to guess correct passwords on various accounts, some of which exist on the server and some of which do not. Based on our investigation, no accounts appear to have been compromised.

We provided the client with a detailed explanation of the attack methodology, possible theories, and remediation recommendations. One of the significant recommendations to the client was to enforce password complexity of 12 characters or more by their users.
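As an added example, not code from the Leahy Center or the interview, here is the kind of detection logic a monitoring team might run over mail-server authentication logs to flag the pattern described above: one source making a few failed attempts against many different accounts, including accounts that do not exist. The log format and the sample lines are constructed for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical mail-server auth log format
# (not any real product's format). Status is FAIL, FAIL_NOUSER or OK.
SAMPLE_LOG = """\
2022-03-01T09:00:01Z src=203.0.113.5 user=alice status=FAIL
2022-03-01T09:00:03Z src=203.0.113.5 user=bob status=FAIL
2022-03-01T09:00:05Z src=203.0.113.5 user=carol status=FAIL
2022-03-01T09:00:07Z src=203.0.113.5 user=dave status=FAIL_NOUSER
2022-03-01T09:00:09Z src=203.0.113.5 user=erin status=FAIL_NOUSER
2022-03-01T09:00:11Z src=203.0.113.5 user=frank status=FAIL
2022-03-01T09:01:00Z src=198.51.100.7 user=alice status=FAIL
2022-03-01T09:01:20Z src=198.51.100.7 user=alice status=FAIL
2022-03-01T09:01:40Z src=198.51.100.7 user=alice status=OK
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) user=(\S+) status=(\S+)$")

def parse(log_text):
    """Yield (timestamp, src, user, status) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m.group(2), m.group(3), m.group(4)

def detect_spray(log_text, min_users=5, window=timedelta(minutes=10)):
    """Flag sources whose failed logins hit >= min_users distinct accounts
    within `window`. A spray is wide (many users, few tries each), so the
    signal is distinct-user breadth per source, not attempts per user."""
    events = defaultdict(list)  # src -> [(ts, user, status)]
    for ts, src, user, status in parse(log_text):
        if status != "OK":
            events[src].append((ts, user, status))
    alerts = {}
    for src, fails in events.items():
        fails.sort()
        for i, (start, _, _) in enumerate(fails):
            in_win = [e for e in fails[i:] if e[0] - start <= window]
            users = {u for _, u, _ in in_win}
            if len(users) >= min_users:
                alerts[src] = {
                    "distinct_users": len(users),
                    "nonexistent_users": sum(1 for *_, s in in_win if s == "FAIL_NOUSER"),
                    "window_start": start.isoformat(),
                }
                break
    return alerts
```

The single source hitting six accounts (two of them nonexistent) is flagged, while the user who mistyped their own password twice is not; the thresholds are starting points to tune against a server's normal failure rate.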

What are some misconceptions that you believe businesses have about cybersecurity?

One big misconception that businesses have regarding cybersecurity is that they're unlikely to experience a security breach/cyberattack. This misconception follows the thinking that a company is unlikely to experience a cyberattack because of its industry or the nature of the business. But, in reality, a business will likely suffer some sort of security breach at some stage. So it is good to be prepared. Good preparation would be to have an incident response plan (IRP) in place. In the event of a breach, an IRP will help reduce the impact on the business and can help the business respond to the incident quicker.

Another misconception is that small and medium-sized businesses are not the target of cybercriminals because they are too small, or nobody wants their data. Cybercriminals may not directly target these businesses but could be looking for any and everything they could attempt to break into.

Usually, small and medium-sized businesses lack the security software or skilled IT personnel, making them a good easy target for cybercriminals to test their skills on or practice attacks. The Leahy Center's target clientele is small businesses and nonprofits because they may not have the personnel or the funds to protect them from cyberattacks. That's where we step in to help these organizations by providing alternative and extra eyes on their network.

A final misconception is that, as general users, employees may feel like they don't have a responsibility to worry about cybersecurity; that's the job of the IT department. Yes, the IT Department has a significant commitment to managing cybersecurity for an organization, but it is not solely their responsibility. It goes along with the saying "one bad apple can ruin a bunch."

One user that isn't following cybersecurity best practices can let a cybercriminal into a network. A security breach will have a significant impact on the entire organization with long-lasting effects. It's everyone's job in an organization to practice good cybersecurity hygiene.

What are the top best practices for businesses today on how to avoid cyber threats such as ransomware, phishing attacks, etc.?

● Training is a must. Businesses need to train users on cybersecurity best practices and reinforce that training by conducting drills on those best practices. Training should not be a one-and-done thing; it needs to be an ongoing practice by businesses. It also needs to be practised from top leadership down.

● Businesses should use and enable two-factor authentication on systems and services if a business can. Many platforms now use two-factor authentication; it adds an extra layer of security and protection.

● Have your IT team test, or hire out to test, your network. This can be in the form of internal and external vulnerability tests, penetration testing, or IT Assessments of your systems and services.

● Know what hardware and software are on your network and keep them updated. You should constantly update to the latest version of your software; it will help protect your business from new or existing vulnerabilities. The most recent software upgrades may not support outdated computer hardware. Old hardware could make it slower to respond to cyberattacks. It would help if you used hardware that is more up-to-date.

● Backups, doing them, having them, and testing them are essential. Having good backups can save a business if a cyberattack or ransomware happens. If a company has an offline backup, it will allow them to get back up and running while dealing with a cyberattack's damages.

What is one vital tip you would give to companies who are reviewing their cyber security?

To have a plan in place. While having your own cybersecurity team can be costly, there are many other things that businesses can do to prepare for a cyberattack. One of those options is having an IRP in place. Having an IRP will give companies a roadmap to follow if a cyberattack occurs.

Does your organization use log and metrics data to improve and secure the systems you work on? How do you find managing logs assists your day-to-day work?

Yes, we use log and metrics data to improve and secure our systems and our clients' systems. We have a team that reviews logs as they come in, performs monthly reports from those logs, and makes recommendations for us to improve.

The right metrics can inform your business of a better way of doing business or securing a system. It can provide valuable information to make decisions, all in real time.

What is your number one go-to resource to stay current on news and trends in cybersecurity?

I tend to follow security professionals and security influencers on Twitter and LinkedIn. It's easy to use hashtags and customize feeds on those platforms. Another way I stay current is by setting up Google Alerts. I set up my alerts based on the trends I see on Twitter and LinkedIn. These are all easy because I can do them from my phone.

Would you like to share any cybersecurity forecasts or predictions of your own with our readers?

With the rise of so many IoT devices in personal use and business platforms, cybersecurity teams will incorporate IoT devices into their network defence plans. Many organizations don't have plans for an IoT cyberattack or don't have detection or response on IoT devices.

With so many of these devices in society now, they will be the next step in entry points for cyberattacks. This means cybersecurity practitioners will need to plan for these types of attacks.


© 2022 Logit.io Ltd, All rights reserved.